From owner-freebsd-audit Mon Nov 29 12:34:29 1999 Delivered-To: freebsd-audit@freebsd.org Received: from spirit.jaded.net (spirit.jaded.net [216.94.113.12]) by hub.freebsd.org (Postfix) with ESMTP id 8ABDB1529A; Mon, 29 Nov 1999 12:34:26 -0800 (PST) (envelope-from dan@spirit.jaded.net) Received: (from dan@localhost) by spirit.jaded.net (8.9.3/8.9.3) id PAA03222; Mon, 29 Nov 1999 15:36:39 -0500 (EST) Date: Mon, 29 Nov 1999 15:36:39 -0500 From: Dan Moschuk To: Brad Knowles Cc: Kris Kennaway , Dan Moschuk , Bruce Evans , Mike Smith , audit@FreeBSD.ORG, Warner Losh Subject: Re: cvs commit: src/sys/i386/conf files.i386 src/sys/kern kern_fork.c src/sys/libkern arc4random.c src/sys/sys libkern.h Message-ID: <19991129153639.B2999@spirit.jaded.net> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0i In-Reply-To: ; from blk@skynet.be on Mon, Nov 29, 1999 at 09:20:13PM +0100 Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG | > I don't know what Theodore Ts'o's credentials are, but I'm still much more | > inclined to trust the work of someone who does this stuff for a living | > than a part-time cryptographer. | | As I recall, he's one of the principles at MIT working on the | freely available implementation of PGP, although I don't know his | specific crypto background. PGP is based on known algorithms, implementing and designing are two vastly different things. | This seems like a serious problem. I think we need to fix this | as soon as we can, if we're going to have any credibility in our | audit and security processes (I think we also need to get the commit | process changed so as to help automate what we can of the | audit/re-audit process). | | Does anyone have any further thoughts in this area? Anyone know | of any available professional cryptographers who might be available | to do this kind of work? Anybody got any better contacts with Greg | Rose or Carl Ellison, or perhaps other cryptographers who might know | of potentially interested/available parties? One of the benefits of using an algorithm designed by a professional cryptographer is that the algorithm is bound to be studied extensively, it doesn't neccessarily have to be from our code base. -- Dan Moschuk (TFreak!dan@freebsd.org) "Cure for global warming: One giant heatsink and dual fans!" To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message